1. Field of the Invention
The present invention relates to the exchange of messages containing encrypted data between different locations within a network, and in particular to structures of such messages which facilitate handling of the messages in an expedient manner.
Increasingly, services which were at one time only available by post or in person, such as banking services for example, are being offered either by telephone, or via an information technology network such as the internet. The provision of such services via these new media raises issues both in relation to authentication of the identity of the sender of a message, and security of the information passed in the message. In recent years, these problems have both been addressed by the widespread adoption of public key encryption technology, typically in combination with a secret, symmetric key.
This works in the following manner: Sensitive data within a message is encrypted using what is known as a session key. The session key is symmetric and, therefore, functions in the same manner as a traditional secret key, i.e., possession of the key enables decryption of a message encrypted using it, because the same key is used for encryption and decryption, the decryption process simply being the reverse of the encryption process. Consequently, both encryption and decryption processes with a symmetric key require only relatively small levels of computing power. The session key is then encrypted using what is known as the “public key” of the party for whom the encrypted message is intended. The encrypted session key and the message encrypted with the session key are then sent to the receiving party. The public key is, as its name suggests, freely available in the same way that a telephone number may be in a telephone directory. However, the public key is an asymmetric key, meaning that a different key to the public key, known as a private key (which is secret to the receiving party), is required for decryption; the process of decryption is, therefore, not the inverse of the encryption process. The encrypted session key cannot, therefore, be decrypted by a party who is only in possession of the public key used to encrypt it, meaning that the message is secure. The process of asymmetric decryption using a private key requires a relatively high level of computing power. However, because the private key is only used to decrypt the session key (which is usually small is size compared with the body of the message), and the decrypted session key is then used to perform symmetric decryption on the body of the message, this technology may be adopted by any private user with a standard desktop computer. The present invention is concerned, inter alia, with the structure of such messages and the manner in which such messages are handled.
2. Description of Related Art
An existing approach, used within the context of providing services via the internet or worldwide web, is known as “Secure Sockets Layer” protocol (SSL), according to which shared state, such as the session key, must be maintained between messages for the duration of the interaction between, for example, a provider of services and a consumer. Inherently this is a somewhat inflexible approach, since it requires, for example, that each pair of messages conform to a criterion (such as the session key) laid down in a previous message. SSL protocol is described in more detail at http://www.netscape.com/eng/ss13/draft302.txt.